This aims to clarify a few inline comments related to removing percent-encoded characters and HTML entities.
Affected functions:
* `sanitize_user()`
* `sanitize_title_with_dashes()`
* `sanitize_html_class()`
* `_sanitize_text_fields()`
* `get_comments_number_text()`
Follow-up to [465], [3454], [11433], [12503], [37987].
Props ace100, tanjimtc71, codemonksuvro, SergeyBiryukov.
Fixes#57712.
Built from https://develop.svn.wordpress.org/trunk@55346
git-svn-id: http://core.svn.wordpress.org/trunk@54879 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Layout style properties are stored using indirect values, rather than direct CSS properties.
Allow users without the `unfiltered_html` capability to modify global styles using the indirect block spacing properties `contentSize`, `wideSize`, and `blockGap`, using a mapping of the eventual CSS property to the indirect property stored in `theme.json`. The mapped CSS property is then used for CSS validation.
Props andrewserong, costdev, hellofromtonya, mamaduka, mmtr86.
Fixes#57321.
Built from https://develop.svn.wordpress.org/trunk@55345
git-svn-id: http://core.svn.wordpress.org/trunk@54878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Sets the `styles` block setting to an empty array in the `REST_Block_Type_Controller_Test::test_get_item_invalid()` test to resolve:
{{{
Warning: foreach() argument must be of type array|object, string given in wp-includes/class-wp-theme-json.php on line 835
}}}
Previously the test set the `styles` setting to a string value, which is incompatible. The problem surfaced after [55172] added a `foreach` to iterate the `styles`. The root cause was due to this test passing a string instead of an array.
Why?
`WP_Block_Type` `styles` property is documented as only accepting an array data type. At the time of this changeset, it does not validate before setting the property.
Code interacting with the property expects it to be an array data type. The PHP Warning alerts that of a doing it wrong when the incorrect data type is registered for the block type.
Follow-up to [55172], [48173].
Props tanjimtc71, hellofromTonya, kapilpaul.
Fixes#57706.
Built from https://develop.svn.wordpress.org/trunk@55342
git-svn-id: http://core.svn.wordpress.org/trunk@54875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The call stack for `WP_UnitTestCase_Base::set_up()` includes a call to `WP_List_Util::pluck()`, which creates an inaccurate coverage report for this method.
To resolve, `parent::set_up()` is removed from `Tests_Functions_wpListPluck::set_up()`.
To ensure that deprecation and incorrect usage notices continue to be detectable, `$this->expectDeprecated()` is added in the test's `set_up()` fixture.
Follow-up to [51663], [28900].
Props costdev, jrf, SergeyBiryukov, audrasjb.
Fixes#56706.
Built from https://develop.svn.wordpress.org/trunk@55341
git-svn-id: http://core.svn.wordpress.org/trunk@54874 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Per the [https://developer.wordpress.org/coding-standards/inline-documentation-standards/php/#6-file-headers documentation standards], whenever possible, all WordPress files should contain a header DocBlock, regardless of the file’s contents – this includes files containing classes.
However, this recommendation makes less sense for unit test classes if not applied consistently, and the duplicate tags cause some confusion.
This commit aims to reduce confusion and avoid repeating information by combining the DocBlocks.
Follow-up to [40607], [43183], [43291], [43292], [43499], [43568], [44502], [44535], [44628], [44786], [44824], [44906], [44909], [46175].
Props wojtekn, antonvlasenko, arafatjamil01, hztyfoon, mukesh27, costdev, jamilbd07, robinwpdeveloper, SergeyBiryukov.
Fixes#57099.
Built from https://develop.svn.wordpress.org/trunk@55337
git-svn-id: http://core.svn.wordpress.org/trunk@54870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Although `add_action` and `add_filter` are internally the same, `pre_get_posts` is an action hook. This change updates the hook type to match what developers would expect when evaluating the code.
Follow-up to [52316].
Props swissspidy, riccardodicurti.
Fixes#57097.
Built from https://develop.svn.wordpress.org/trunk@55335
git-svn-id: http://core.svn.wordpress.org/trunk@54868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves a few WPCS warnings:
{{{
Variable "$cat_ID" is not in valid snake_case format, try "$cat_i_d"
}}}
Affected functions:
* `wp_delete_category()`
* `get_category_rss_link()`
* `get_catname()`
Follow-up to [836], [2068], [2551], [2695], [6365], [10959], [52958], [55190].
Fixes#56754.
Built from https://develop.svn.wordpress.org/trunk@55334
git-svn-id: http://core.svn.wordpress.org/trunk@54867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Updates the `@wordpress` packages to include the following changes:
- Add missing period in keyboard shortcut descriptions
- Site Editor: Append template type and name to the site editor page title
- Specify active color state for template navigation button
- Global Styles: Move more link about custom CSS to part of description
- ToolsPanel: Display optional items when values are updated externally
- File block: Re-add editor styles for classic themes
- Enable undo after creating a new menu
- Style Book: Exclude blocks that are not allowed to insert
- Add basic tsconfig.json validation
- Fix Experiments native variant breakage
- Update moment and moment-timezone packages to fix timezone issues
- NavigatorButton: Reuse Button types
- ToolsPanel: Ensure display of optional items when panel id is null
- ColorPalette: Ensure text label contrast checking works with CSS variables
- Components: Add support for named arguments in the navigator components
- Rename experiments package to private-apis
- Cherry-pick CLI: Fix the default label to match the documentation
- Handle block metadata attribute and related experimental APIs
- Fix: Remove browser default border for iframe in the editor
- [Layout]: Fix align controls for hybrid themes
- Visual Regression tests: use default playwright utils
- SelectControl: Fix multiple prop styling
- Fix clicking on the toggle button not closing the block inserter
- Update deps for the useEffect that creates navigation menus
- Minor updates in Private APIs docs
- Site Editor: Fix custom Template Parts rename action
- [Block Library - Cover]: Ensure url is not malformed due to sanitization through wp_kses
- Revert "Prevent the image from being resized larger than its container"
- Lodash: Remove from @wordpress/keycodes package
- Distraction free mode: Fix keyboard shortcut not working
- Popover: lock the __experimentalPopoverPositionToPlacement function
- Rename the "experiments" export to "privateApis"
- Add an aria label to the site save dialog
- Navigator: add more pattern matching tests, refine existing tests
- Add parent navigation support for the navigator component
- Add back link to Design heading in site editor navigation to return to Dashboard
- Add a nested level when selecting templates or template parts
- Move site editor 6.2 specific code to the right file
- Fix site editor navigation
References:
* [1bf01c01a8 Gutenberg's commit for publishing the packages]
Follow-up to [55257].
Props ntsekouras.
See #57471.
Built from https://develop.svn.wordpress.org/trunk@55333
git-svn-id: http://core.svn.wordpress.org/trunk@54866 1a063a9b-81f0-0310-95a4-ce76da25c4cd
As menus are re-arranged, it's possible a menu item was created prior to its parent.
This introduces a test to ensure the order in which menu items are created relevant to their parents does not trigger errors.
Props costdev, peterwilsoncc.
Fixes#57122.
Built from https://develop.svn.wordpress.org/trunk@55328
git-svn-id: http://core.svn.wordpress.org/trunk@54861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
User should not have to reach the admin menu toggle in order to close the menu. This can be a problem for one-handed mobile use, users with small hands, and numerous other situational usages.
Close the admin menu when focus moves anywhere other than the menu or the menu toggle and the current document is active.
Props kaneva, sabernhardt, costdev, ryokuhi, hellofromtonya, dhusakovic, thelovekesh, joedolson.
Fixes#53587.
Built from https://develop.svn.wordpress.org/trunk@55326
git-svn-id: http://core.svn.wordpress.org/trunk@54859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removes the `WP_Error` code for `'Invalid user ID.'`. Why?
tl;dr
This branch will never be entered as the `$user` will never be falsey.
Longer reasoning:
[39954] introduced `WP_REST_Users_Controller::get_user()` method to encapsulate getting the user and handling the `'Invalid user ID.'` `WP_Error`. It replaced `get_userdata()` in `WP_REST_Users_Controller::update_item()` but left the existing `'Invalid user ID.'` `WP_Error` introduced in [38832].
The code removed in this changeset will never be reached because `$user` will never be falsey. Rather, `WP_REST_Users_Controller::get_user()` will always return an instance of `WP_Error` or `WP_User`.
Could the user's ID be falsey?
No. Why? `WP_REST_Users_Controller::get_user()` checks that the user exists, which checks if the ID is falsey.
Therefore, the code can safely be removed.
Follow-up to [39954], [38832].
Props jrf, costdev, hellofromTonya, SergeyBiryukov.
Fixes#56662.
Built from https://develop.svn.wordpress.org/trunk@55325
git-svn-id: http://core.svn.wordpress.org/trunk@54858 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This ensures that `get_comments()` is called with the correct parameter name in:
* `wp_comments_personal_data_exporter()`
* `wp_comments_personal_data_eraser()`
Follow-up to [42888], [42994].
Props smeunus, kapilpaul, SergeyBiryukov.
Fixes#57700.
Built from https://develop.svn.wordpress.org/trunk@55324
git-svn-id: http://core.svn.wordpress.org/trunk@54857 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Adds styles into `wp-includes/css/classic-themes.css` to restore file block button element styling for classic themes.
Why?
In [54257] and [54118], button element styles were moved from each block to `theme.json`. For the file block, the download button styles were removed from the block's stylesheet. These changes impacted themes without a `theme.json` file (i.e. classic themes).
This changeset restores the styles for backwards-compatibility.
References:
* [https://github.com/WordPress/gutenberg/pull/47686 Gutenberg PR 47686]
Follow-up to [54257], [54118].
Props wildworks, scruffian, mamaduka, ntsekouras.
Fixes#57688.
Built from https://develop.svn.wordpress.org/trunk@55323
git-svn-id: http://core.svn.wordpress.org/trunk@54856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
[52065] originally introduced the logic to guess the LCP image based on certain heuristics and to not lazy-load that image. However, with the introduction of block themes, that logic was not functioning correctly, resulting in all featured images to be lazy-loaded, regardless of whether it was the LCP image or not.
Together with an update to the `core/post-featured-image` block included in [55079], this changeset fixes the logic to correctly handle featured images in block themes as well.
Additionally, in combination with an update to the `core/template-part` block from [55246], this changeset includes an enhancement which uses the benefits of block template parts to avoid lazy-loading images in the `header` block template part, making the lazy-loading heuristics even more accurate for sites using a block theme.
Props flixos90, adamsilverstein, mamaduka, antonvlasenko, shahidul95, reduanmasud, costdev, mukesh27, ironprogrammer, manfcarlo, robinwpdeveloper, spacedmonkey.
Fixes#56930.
Built from https://develop.svn.wordpress.org/trunk@55318
git-svn-id: http://core.svn.wordpress.org/trunk@54851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset ensures that text color for citation are inherited when the user specifies color for the Pullquote or Quote block, or if one of those blocks is inside a block with a background.
Props nithins53, kajalgohel, kmadhak, sabernhardt, devtanbir, james-roberts, sapayth, rafinkhan, robinwpdeveloper, poena.
Fixes#55990.
Built from https://develop.svn.wordpress.org/trunk@55317
git-svn-id: http://core.svn.wordpress.org/trunk@54850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Removes adding `local()` as a `@font-face` `src` within `_wp_theme_json_webfonts_handler()`.
Why?
To fix font incompatibilities when a user has the font-family locally installed on their viewing computer or device. It's unknown if all of the font-face variations specified by theme.json and/or global styles are:
* installed on the user's computer/device.
* and in one file or multiple files.
The previous implementation used the `src` specified when registering the font with the API. That src will likely vary from user computer/device to user computer/device.
To avoid these unknowns which could cause incompatibilities or styling issues, this changeset removes adding `local()` to the generated font-face CSS styles.
References:
* [https://github.com/WordPress/gutenberg/pull/47254 Gutenberg PR 47254]
Follow-up to [53282].
Props luehrsen, aristath, ehtmlu, hellofromTonya, wetah.
Fixes#57430.
Built from https://develop.svn.wordpress.org/trunk@55314
git-svn-id: http://core.svn.wordpress.org/trunk@54847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
While also used for post passwords and application passwords, the PasswordHash library appears to be initially introduced and primarily used for user passwords, so the test file can be moved to the `user` directory.
Follow-up to [6350], [55310].
See #56340.
Built from https://develop.svn.wordpress.org/trunk@55313
git-svn-id: http://core.svn.wordpress.org/trunk@54846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This changeset uses an `(int)` cast to prevent a PHP 8.1 deprecation notice for "Implicit conversation from float to int loses precision" in `PasswordHash::gensalt_blowfish()`.
Props hanshenrik, jrf, desrosj, costdev.
Fixes#56340.
Built from https://develop.svn.wordpress.org/trunk@55310
git-svn-id: http://core.svn.wordpress.org/trunk@54843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This resolves 80+ WPCS warnings in core:
{{{
Variable "$comment_ID" is not in valid snake_case format
}}}
While matching the database field of the same name, the `$comment_ID` variable did not follow the WordPress coding standards, and is now renamed to address that.
This affects:
* Function parameters in:
* `get_comment_author()`
* `comment_author()`
* `get_comment_author_email()`
* `comment_author_email()`
* `get_comment_author_link()`
* `comment_author_link()`
* `get_comment_author_IP()`
* `comment_author_IP()`
* `get_comment_author_rl()`
* `comment_author_url()`
* `get_comment_date()`
* `comment_date()`
* `get_comment_excerpt()`
* `comment_excerpt()`
* `get_comment_text()`
* `comment_text()`
* `get_comment_time()`
* `comment_time()`
* `get_comment_type()`
* `get_page_of_comment()`
* `wp_new_comment_notify_moderator()`
* `wp_new_comment_notify_postauthor()`
* `get_commentdata()`
* Internal variables in:
* `get_comment_ID()`
* `wp_new_comment()`
* `wp_xmlrpc_server::wp_deleteComment()`
* `wp_xmlrpc_server::wp_editComment()`
* `wp_xmlrpc_server::wp_newComment()`
* `wp_xmlrpc_server::pingback_ping()`
* Hook parameters in:
* `get_comment_author`
* `comment_author`
* `get_comment_author_email`
* `author_email`
* `get_comment_author_link`
* `get_comment_author_IP`
* `get_comment_author_url`
* `comment_url`
* `get_comment_excerpt`
* `comment_excerpt`
* `get_comment_ID`
* `get_comment_type`
* `get_page_of_comment`
* `comment_{$new_status}_{$comment->comment_type}`
* `comment_post`
* `notify_moderator`
* `notify_post_author`
* `commentrss2_item`
* `xmlrpc_call_success_wp_deleteComment`
* `xmlrpc_call_success_wp_editComment`
* `xmlrpc_call_success_wp_newComment`
* `pingback_post`
Note: The name change only affects variable names and DocBlocks.
The change does not affect:
* `comment_ID` as the `$orderby` value in `WP_Comment_Query::__construct()`
* `comment_ID` as the `$orderby` value in `WP_Comment::get_children()`
* `comment_ID` as part of `$commentarr` parameter in `wp_update_comment()`
The associated array keys still match the database field.
Follow-up to [53723].
Props krunal265, costdev, SergeyBiryukov.
Fixes#57671. See #56791.
Built from https://develop.svn.wordpress.org/trunk@55308
git-svn-id: http://core.svn.wordpress.org/trunk@54841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The non-focused state of the `.screen-reader-shortcut` element in the admin bar fails contrast tests. This has no real-world consequences, but raises false positives in some automated testing tools. This fix is largely so people using automated testing will not raise false positives.
Props sabernhardt, afercia, robinwpdeveloper, re_enter_rupok.
Fixes#56789.
Built from https://develop.svn.wordpress.org/trunk@55307
git-svn-id: http://core.svn.wordpress.org/trunk@54840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This adds a devcontainer configuration tested for use with GitHub Codespaces. It is currently built on top of the Docker `wordpress` image for initial trial purposes. We should eventually be using our own containers to fully own the environment.
This should be considered a beta run to get a sense of how well cloud dev containers work for core contributors, in particular at contributor day events with limited bandwidth and mobile devices.
Props samruddhikhandale, dinhtungdu, helen, craiglpeters, sam1el, wirecat.
See #57187.
Built from https://develop.svn.wordpress.org/trunk@55303
git-svn-id: http://core.svn.wordpress.org/trunk@54836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Use `rtrim` instead of `untrailingslashit` and `trailingslashit` directly.
Avoids `formatting.php` dependency and thus prevents an error when called via `wp_load_translations_early()`, which happens e.g. when in maintenance mode.
Props grl570810, ocean90.
Fixes#57218.
Built from https://develop.svn.wordpress.org/trunk@55302
git-svn-id: http://core.svn.wordpress.org/trunk@54835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The `$credentials['user_login']` and `$credentials['user_password']` parameters are passed by reference to the `wp_authenticate` action, and are at that point [https://www.php.net/manual/en/language.references.pass.php#124383 created as null] if they don't exist in the array.
This commit sets those values to an empty string, resolving two PHP 8.1 deprecation notices:
* One from `preg_replace()` in `wp_strip_all_tags()` via `sanitize_user()` in `wp_authenticate()`:
{{{
Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
}}}
* One from `trim()` in `wp_authenticate()` itself:
{{{
Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated
}}}
Includes documenting the `$credentials` parameter using hash notation.
Follow-up to [6643], [37697].
Props lenasterg, TobiasBg, ocean90, afragen, lkraav, SergeyBiryukov.
Fixes#56850.
Built from https://develop.svn.wordpress.org/trunk@55301
git-svn-id: http://core.svn.wordpress.org/trunk@54834 1a063a9b-81f0-0310-95a4-ce76da25c4cd